39

I use openconnect in the terminal on Ubuntu 16.04. When I want to run it, I need to go through three phases:

  • "yes/no"
  • "username"
  • "password"

How can I bypass the above phases using openconnect in one line (e.g. using openconnect options)?
Are there any options for that, such as in the following line?

sudo openconnect <server-name> --user=<'username'> --pass=<'password'>

I used openconnect --help and found a way to fill in the username, but I have no idea how to fill in the password and the SSL verification.

Benyamin Jafari

7 Answers

56

If you type man openconnect in a terminal you will get a manual page describing usage.

Relevant sections:

-u,--user=NAME
Set login username to NAME

--passwd-on-stdin
Read password from standard input

Additionally, you may need to disable certificate warnings:

--no-cert-check
Do not require server SSL certificate to be valid. Checks will still happen and failures will cause a warning message, but the connection will continue anyway. You should not need to use this option - if your servers have SSL certificates which are not signed by a trusted Certificate Authority, you can still add them (or your private CA) to a local file and use that file with the --cafile option.

Or you could add the certificate to a file.

All this can be combined:

echo "password" | sudo openconnect server --user=username --passwd-on-stdin --no-cert-check
Benyamin Jafari
vidarlo
10

I was able to automate the sudo password, VPN user, VPN password and secondary challenge using the following command (tested on Mac):

challange=<code> && sudo -S <<< "<sudo_password>" echo I am super user && { printf '<vpn_password>\n'; sleep 1; printf "$challange\n"; } | sudo openconnect <server_name> --user <vpn_username> --passwd-on-stdin
dux2
5

This works for me:

echo mypassword | openconnect --protocol=anyconnect --user=myusername --passwd-on-stdin 
arbuzov
4

To skip the certificate check: the --no-cert-check parameter was removed in new versions. You can use --servercert instead.

--servercert sha256:sdflkdsjflsdjkfds

4

After reading the solutions, this is the script that finally works for me:

echo "PASSWORD" | sudo openconnect --protocol=anyconnect SERVER --user=USERNAME --passwd-on-stdin --servercert SERVERCERT

When you run the above command without SERVERCERT (because you don't have it), it gives you an error that contains the SERVERCERT, something like: Server SSL certificate didn't match: pin-sha256:76v/J0dQR44xdeBCxKUq/Slvtikc+0xTyRdjaZk/5fA= and that's it: the string starting with pin-sha256:... (the whole of it, including pin-sha256 itself) is your SERVERCERT.

So the final result in this case, for example, is:

echo "PASSWORD" | sudo openconnect --protocol=anyconnect SERVER --user=USERNAME --passwd-on-stdin --servercert pin-sha256:76v/J0dQR44xdeBCxKUq/Slvtikc+0xTyRdjaZk/5fA=
SdSaati
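The one-liners in the answers above put the VPN password on the command line of `echo`, where it ends up in shell history. As an added example (not code from any of the answers or from openconnect), the wrapper below feeds the password from a private file on stdin and only accepts the `pin-sha256:` form of `--servercert` shown above; the function names and the password-file layout are assumptions made for this sketch, and `pin_from_pem` lets you compare the pin printed in the error message with one computed from a certificate you obtained from the VPN administrator.

```shell
#!/bin/sh
# Added example: connect without exposing the VPN password in argv or history.
# Assumed layout: the password is the only line of a file owned by you.

# Succeed only if FILE is a regular file with no group/other permission bits.
secret_file_ok() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group+other slice of "-rw-------"
    [ "$perms" = "------" ]
}

# Succeed only if PIN has the shape openconnect prints: "pin-sha256:" followed
# by the base64 of a 32-byte SHA-256 digest (44 characters, one '=' of padding).
pin_ok() {
    case $1 in pin-sha256:*) b64=${1#pin-sha256:} ;; *) return 1 ;; esac
    [ "${#b64}" -eq 44 ] || return 1
    case $b64 in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    case $b64 in *=) return 0 ;; *) return 1 ;; esac
}

# Compute the pin (hash of the certificate's public key) from a PEM file
# obtained out of band, for comparison with the value in the error message.
pin_from_pem() {
    printf 'pin-sha256:'
    openssl x509 -in "$1" -pubkey -noout |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary | openssl base64
}

# vpn_connect SERVER USERNAME PIN SECRET_FILE
vpn_connect() {
    pin_ok "$3" || { echo "refusing: malformed --servercert pin" >&2; return 2; }
    secret_file_ok "$4" || { echo "refusing: $4 must be chmod 600" >&2; return 3; }
    # The password travels only over stdin, so it never shows up in `ps` output.
    sudo openconnect --protocol=anyconnect "$1" --user="$2" \
        --passwd-on-stdin --servercert "$3" < "$4"
}

# Connect only when called with all four arguments, e.g.
#   ./vpn.sh SERVER USERNAME pin-sha256:... ~/.config/vpn.pass
if [ "$#" -eq 4 ]; then vpn_connect "$@"; fi
```

Because the redirection is set up by your own shell, sudo still prompts for its password on the terminal while openconnect reads the VPN password from the file.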
0

You can try this very easy to use shell script: https://github.com/sorinipate/vpn-up-for-openconnect

From the project's description:

vpn-up-for-openconnect

VPN Up for OpenConnect

Features

A shell script for openconnect which allows:

  • to define multiple VPN connections
  • to run openconnect without entering the username and password.

Sample configuration section

#Company VPN
export COM_NAME="My Company VPN"
export COM_HOST=vpn.mycompany.com
export COM_AUTHGROUP=developers
export COM_USER=sorin.ipate
export COM_PASSWD="MyPassword"

Run VPN Up

% alias vpn-up='~/bin/vpn-up.command'
% vpn-up
0
echo "YourPassword" | sudo openconnect vpn.yourserver.com --user=yourUsername --passwd-on-stdin
  • For me, the password needs " "
  • In the latest version, --no-cert-check is deprecated as a command argument by openconnect (my version: OpenConnect version v7.08-3ubuntu0.18.04.2)
Zanna